臺灣博碩士論文加值系統

要在開放式的網路上召開一個會議而不被竊聽，所有的會議參與者在召開會議前，應該要先建立起一個共同的會議金鑰，以用來加密通訊的內容。但為了防止惡意的參與者蓄意欺騙，使得正確的參與者不能計算出共同的會議金鑰值，所以如何讓合法的使用者建立同樣的會議金鑰值，就是一個重要的問題。
以往會議參與者的身份認證是用人類難以記憶長度的金鑰值，例如：公開金鑰系統，這限制了參與者的活動性，因此如何使用人類可記憶的密碼當金鑰值，是一個值得研究的方向。此外，由於現今網路系統的高變動性，使得會議參與者的變動性變得更加頻繁，如何在較少回合數達到參與者的加入與離開，是另一個值得研究的方向。
因此在本篇論文中，提出一個可以讓合法參與者以密碼當身份認證，並且在較少的回合數裡，建立正確會議金鑰與處理參與者變動性的協定。

We want to hold a conference via an open Internet, and no passive adversary can eavesdrop the communication. Then all participants should establish a common conference key to encrypt the communication before we start a conference. Futhermore, for the sake of preventing some malicious participants prepensely cheating honest participants to compute the different conference keys, there is a very important issue how to let honest participants establish the common conference key.
Formerly, participants use keys that people are hard to memorize then to authenticate themself, for example, Public key system, this limits the move of participants. Therefore, there is a research-worthy issue how to use passwords that people can memorize then easlily as keys.
Besides these, due to the variation of moderm network system, the variations of participants become more frequent. There is another research-worhty issue how participant join and leave in less rounds. Thus, in this paper, we proposed one reoound-efficient conference agreement protocol that honest participants can use password to authenticate themself and protocol can deal with the variations of participants.

中文摘要 ............................................i
英文摘要 ...........................................ii
誌謝 ................................................iv
目錄 .................................................v
第一章引言 .......................................1
第一節研究動機 ....................................1
第二節研究重點與成果 .............................3
第三節各章節簡介 .................................5
第二章相關研究 ....................................6
第一節以密碼為基礎的身份認證 .....................6
第二節動態會議金鑰協定概述 .......................9
第一小節 正確性的討論 ...........................11
第二小節 安全性的討論 ...........................12
第三小節 效率的討論 .............................14
第三節基本的技術與原理 ...........................15
第一小節 零知識互動式證明系統 ...................15
第二小節 相關定理與假設 ........................17
第四節動態會議金鑰論文綜覽 .......................18
第一小節 動態會議金鑰協定 IKA ...................18
第二小節 動態會議金鑰協定 GDH ..................21
第三章以密碼為基礎的動態會議金鑰協議協定 …………24
第一節問題分析 ...................................24
第二節基礎架構 ...................................26
第一小節 具身份認證的公開驗證私密資訊系統 .......27
第三節會議初始階段 ..............................30
第一小節 安全性討論 ............................31
第四節會議金鑰 ..................................34
第一小節 正確性討論 ............................34
第二小節 安全性討論 ............................35
第三小節 效率討論 ............................38
第五節動態參與者加入與離開 ......................38
第一小節 正確性討論 ............................43
第二小節 安全性討論 ............................44
第三小節 效率討論 ............................47
第四章總結與未來工作 ............................50
參考文獻 ...........................................52
附錄 ................................................56

R. Anderson and T. Lomas, ''Fortifying key negotiation schemes with poorly chosen passwords,'''' Electronics Letters, vol. 30, no. 13, pp. 1040-1041, 1994.
G. Ateniese, M. Steiner, G. Tsudik, ''New multiparty authentication services and key agreement protocols,'''' IEEE. Selected Areas in Comm., vol. 18, no. 4, pp.628-639, Apr. 2000.
M. Bellare, D. Pointcheval and P. Rogaway, ''Authenticated key exchange secure against dictionary attack,'''' Proceedings of Advances in Cryptology - Eurocrypt 2000, pp. 139-155, 2000.
S. Bellovin, M. Merritt, ''Encrypted key exchange:password-based protocols secure against dictionary attack,'''' IEEE Symposium on Research in Security and Privacy, pp. 72-84, 1992.
S. Bellovin and M. Merritt, ''Augmented encrypted key exchange: a password-based protocol secure against dictionary attacks and password-life compromise,'''' ACM Conference on Computer and Communications Security, pp. 244-250, 1993.
M. Boyarsky, ''Public-key cryptography and password protocols: the multi-user case,'''' ACM Conference on Computer and Communication Security, pp. 63-72September 16, 1999.
V. Boyko, P. Mackenzie and S. Patel, ''Provably secure password authenticated key exchange using Diffie-Hellman,'''' Proceedings of Advances in Cryptology - Eurocrypt 2000, pp. 156-171, 2000.
U. Feige, A. Fiat, A. Shamir, ''Zero-knowledge Proof of Identity,'''' Journal of Cryptology, vol. 1, pp.77-94, 1988.
L. Gong, ''Optimal authentication protocols resistant to password guessing attacks,'''' IEEE Computer Security Foundation Workshop, pp. 24-29, June 1995.
L. Gong, M. Lomas, R. Needham, and J. Saltzer, ''Protecting poorly chosen secrets from guessing attacks,'''' IEEE Journal on SAC., vol. 11, no. 5, pp. 648-656, June 1993.
S. Halevi and Krawczyk, ''Public-key cryptography and password protocols,'''' ACM Conference on Computer and Communications Security, pp. 122-131, 1998.
D. Jablon, ''Strong password-only authenticated key exchange,'''' ACM Computer Communications Review, vol. 26, no. 5, pp. 5-26, 1996.
D. Jablon, ''Extended password key exchange protocols,'''' WETICE Workshop on Enterprise Security, 1997.
T. Kwon and J. Song, ''Efficient key exchange and authentication protocols protecting weak secrets,'''' IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, vol. E81-A, no. 1, pp. 156-163, January 1998.
T. Kwon and J. Song, ''Secure agreement scheme for $g^{xy}$ via password authentication,'''' Electronics Letters, vol. 35, no. 11, pp. 892-893, 27th May 1999.
M. Lomas, L. Gong, J. Saltzer, and R. Needham, ''Reducing rishks from poorly chosen keys,'''' ACM Symposium on Operating System Principles, ACM Operating Systems Review, pp. 14-18, 1989.
S. Lucks, ''Open key exchange: how to defeat dictionary attacks without encrypting public-keys,'''' The Security Protocol Workshop ''97, pp. 79-90, April 7-9, 1997.
P. Mackenzie and R. Swaminathan, ''Secure network authentication with password identification,'''' Presented to IEEE p1363a, August 1999.
D. Pointcheval, J. Stern. ''Security proofs for signatue schemes,'''' in Proceedings of Advances in Cryptology - Eurocrypt ''96, Lecture Notes in Computer Science 1070,Springer-Verlag, pp. 387-398, 1996.
M. Roe, B. Christianson, D. Wheeler, ''Secure sessions from weak secrets,'''' Technical report from University of Cambridge and University of Hertfordshire, 1998.
M. Steiner, G. Tsudik, and M. Waidner, ''Refinement and extension of encrypted key exchange,'''' ACM Operating Systems Review, vol. 29, no. 3, pp. 22-30, 1995.
M. Steiner, G. Tsudik, M. Waidner, ''Diffie-Hellman key distribution ex-tended to group communication,'''' in Third ACM Conference on Computer and Communications Security, pp. 31-37, Mar. 1996, ACM Press.
M. Steiner, G. Tsudik, M. Waidner, ''CLIQUES: A new approach to group key agreement,'''' in Proceedings of the 18th International Conference on Distributed Computing Systems (ICDCS''98)'''', Amsterdam, May 1998, pp. 380-387, IEEE Computer Society Press.
M. Steiner, G. Tsudik, M. Waidner, ''Key agreement in dynamic peer groups,'''' IEEE Transactions on Parallel and Distributed Systems, Vo1. 11, No. 8, pp. 769-780, August 2000.
G. Tsudik, E. van Herreweghen, ''Some remarks on protecting weak and poorly-chosen secrets from guessing attacks,'''' IEEE Computer Security Foundation Workshop, pp. 136-142, 1993.
W.G. Tzeng, Z.J. Tzeng, ''Round-efficient conference key agreement protocols with provable security,'''' Proceedings of Advances in Cryptology - Asiacrypt 2000, pp. 614-628, 2000.
T. Wu, ''Secure remote password protocol,'''' Internet Society Symposium on Network and Distributed System Security, 1998.